<?php
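// Substrings that are stripped, case-insensitively, from every $_GET / $_POST
// value further down in this file.
//
// This is a blacklist. It is not a substitute for parameterised queries or
// context-aware output escaping, and it also mangles legitimate input that
// merely contains one of these words (e.g. "update", "content", "frame",
// "transfer"). Each entry is handed to diguiFilter(); keep the list free of
// duplicates so a value is not scanned twice for the same word.
$ArrFiltrate = array (
	"union",
	"<script",
	"/script>",
	"alert",
	"javascript",
	"<table",
	"<td",
	'"',
	"delete",
	"vbscript",
	"applet",
	"frame",
	"<div",
	"update",
	"'",
	";",
	"and ",
	" and",
	"select",
	"content",
	"location",
	"transfer",
	"encoding",
);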

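/**
 * Strips every case-insensitive occurrence of the first $c entries of
 * $ArrFiltrate from $p, in place.
 *
 * After each removal the scan restarts from the first entry, because deleting
 * one substring can splice the surrounding characters into a new match
 * (e.g. "sel" + "select" + "ect" collapses to "select"). The loop terminates
 * because every removal strictly shortens $p.
 *
 * @param mixed $p           value to scrub (modified in place); null after a PCRE failure
 * @param array $ArrFiltrate list of literal substrings to remove
 * @param int   $c           how many leading entries of $ArrFiltrate to apply
 * @return void
 */
function diguiFilter(&$p, $ArrFiltrate, $c) {
	// Never index past the end of the list, whatever count the caller passes.
	$limit = min((int) $c, count($ArrFiltrate));
	$i = 0;
	while ($i < $limit) {
		$needle = (string) $ArrFiltrate[$i];
		// An empty needle would be "found" at offset 0 yet never shorten $p,
		// so it is skipped rather than allowed to loop forever.
		if ($needle === '' || stripos((string) $p, $needle) === false) {
			$i++;
			continue;
		}
		// preg_quote: list entries are literal substrings, not regex fragments.
		$stripped = preg_replace('#' . preg_quote($needle, '#') . '#i', '', $p);
		if ($stripped === null) {
			// PCRE failure: fail closed by blanking the value instead of
			// letting it through unfiltered.
			$p = null;
			return;
		}
		$p = $stripped;
		// Restart from the first entry: the removal may have created a new match.
		$i = 0;
	}
}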

/**
 * Walks $array recursively and runs diguiFilter() on every scalar leaf,
 * modifying the array in place. Non-array input is left untouched.
 *
 * @param mixed $array       request array to scrub (modified in place)
 * @param array $ArrFiltrate list of substrings handed to diguiFilter()
 * @param int   $c           number of entries to apply; 0 means the whole list
 * @return void
 */
function FunStringExist(&$array, $ArrFiltrate, $c = 0)
{
	// A zero count means "use the whole list"; resolve it once here so the
	// nested calls below do not recount on every level.
	if ($c == 0) {
		$c = count($ArrFiltrate);
	}
	if (!is_array($array)) {
		return;
	}
	foreach (array_keys($array) as $key) {
		if (is_array($array[$key])) {
			FunStringExist($array[$key], $ArrFiltrate, $c);
		} else {
			diguiFilter($array[$key], $ArrFiltrate, $c);
		}
	}
}

// Scrub both request arrays in place. Only $_GET and $_POST are covered;
// $_REQUEST and $_COOKIE are separate arrays and are not touched here.
$requestSources = array(&$_GET, &$_POST);
foreach ($requestSources as &$source) {
	FunStringExist($source, $ArrFiltrate);
}
unset($source, $requestSources);
